This paper presents the first adaptively simulation secure functional encryption (FE) schemes for attribute-weighted sums. In the proposed FE schemes, attributes are viewed as vectors and weight functions are arithmetic branching programs (ABP). We present two schemes with varying parameters and levels of adaptive simulation security.

(a):

We first present a one-slot scheme supporting a bounded number of ciphertext queries and an arbitrary polynomial number of secret key queries both before and after the ciphertext queries. This is the best possible level of security one can achieve in the adaptive simulation-based framework. The scheme also achieves indistinguishability-based adaptive security against an unbounded number of ciphertext and secret key queries.

(b):

Next, bootstrapping from the one-slot scheme, we present an unbounded-slot scheme that can support a bounded number of ciphertext and pre-ciphertext secret key queries while supporting an a-priori unbounded number of post-ciphertext secret key queries.

Both schemes enjoy ciphertexts that do not grow with the number of appearances of the attributes within the weight functions. The schemes are built upon prime-order asymmetric bilinear groups and the security is derived under the standard (bilateral) k-Linear (k-Lin) assumption. Our work resolves an open problem posed by Abdalla et al (In: CRYPTO, Springer, New York, 2020), where they presented an unbounded-slot FE scheme for attribute-weighted sum achieving only semi-adaptive simulation security. Technically, we extend the recent adaptive security framework of Lin and Luo (In: EUROCRYPT, Springer, New York, 2020), devised to achieve compact ciphertexts in the context of indistinguishability-based payload-hiding security, to the setting of simulation-based adaptive attribute-hiding security.

本文提出了第一个用于属性加权和的自适应模拟安全函数加密 ( FE ) 方案。在所提出的FE方案中，属性被视为向量，权重函数是算术分支程序 ( ABP )。我们提出了两种具有不同参数和自适应仿真安全级别的方案。

（A）：

我们首先提出一个单时隙方案，支持有限数量的密文查询和密文查询前后的任意多项式密钥查询。这是在基于自适应仿真的框架中可以实现的最佳安全级别。该方案还针对无限数量的密文和密钥查询实现了基于不可区分性的自适应安全性。

(二):

接下来，从单时隙方案开始，我们提出了一种无界时隙方案，它可以支持有限数量的密文和预密文密钥查询，同时支持先验无限数量的后密文密钥查询。

这两种方案都享有密文，这些密文不会随着权重函数中属性出现的次数而增长。这些方案建立在素数阶不对称双线性群之上，安全性是在标准（双边）k-线性 ( k - Lin ) 假设下得出的。我们的工作解决了Abdalla 等人提出的一个开放性问题（In: CRYPTO, Springer, New York, 2020），他们提出了一个无界槽FE仅实现半自适应仿真安全的属性加权和方案。从技术上讲，我们将 Lin 和 Luo 最近的自适应安全框架（In：EUROCRYPT，Springer，New York，2020）扩展到基于模拟的设置自适应属性隐藏安全。